new networking features tools for red hat enterprise linux 7 beta

Upload: ucusan

Post on 02-Jun-2018


TRANSCRIPT

  • 8/11/2019 New Networking Features Tools for Red Hat Enterprise Linux 7 Beta

    1/77

    New networking features & tool
    Red Hat Enterprise Linux 7 beta

    Eric Dub, Networking Technology Product Manager
    Rashid Khan, Manager, Software Engineering, Red H


    Agenda

    - Network Management
    - Link Aggregation
    - Virtualization, Container, & Overlay Networking Technologies
    - Network Performance
    - Security
    - Precision Time Synchronization
    - Diagnostics
    - Partner Ecosystem & Summary
    - Questions?


    Network Management


    NetworkManager

    - Easy to use yet comprehensive network management suite designed to provide painless network co
    - Eliminates the need to manually edit network configuration files by hand.
    - Flexible, unified interface with GUI, CLI, and TUI options for managing of local, remote, or even hea
    - Supports a broad array of common network interface types:
      - Ethernet, IPoIB, VLANs, Bridges, Bonds, Teams, WiFi, WiMAX, WWAN, Bluetooth, VPN, and ATM-based DSL

    Numerous improvements for RHEL 7 beta aimed at usability, interoperability and accessibility, includ

      - New command line user interface with command tab-completion (nmcli)
      - New curses-based, menu driven text user interface (nmtui)
      - Cooperates with existing interface configurations and non-destructively takes over an interface's existi
      - Recognizes live reconfiguration for changes made outside of NM without requiring a restart
      - All interfaces now provide support for IP Address aliases


    nmcli: examples

    List active connections
    # nmcli connection show
    NAME               UUID                     TYPE             DEVICE
    LocalLan           4d5c449a-a6c5-451c-8206  802-3-ethernet   eth1
    MyWiFi             91451385-4eb8-4080-8b82  802-11-wireless  wlan0
    Bond connection 1  720aab83-28dd-4598-9325  bond             bond0

    Adding a connection
    # nmcli connection add con-name LocalLAN ifname eth1 type ethernet ip4 192.168.1.2/24 gw4 192.168.1.1

    Show configuration details for a connection
    # nmcli connection show LocalLAN
    connection.id:              LocalLAN
    connection.uuid:            bdd2eb8e-bc67-468e-97b5-e6e1dc8942f8
    connection.interface-name:  eno16777736
    connection.type:            802-3-ethernet
    connection.autoconnect:     yes
    connection.timestamp:       0
    connection.read-only:       no

    Show available wifi networks and details
    # nmcli dev wifi list
    SSID      MODE   CHAN  RATE     SIGNAL  BARS  SECURITY
    MyCafe    Infra  11    54 MB/s  39      $__   WPA2
    NextDoor  Infra  1     54 MB/s  27      ___   WPA2

    Modifying a connection to autostart
    # nmcli connection mod eth1 connection.autoconnect yes

    Please see the RHEL 7 beta Networking Guide for more examples!


    nmtui: screenshots


    Link Aggregation


    Team Driver

    - Mechanism for bonding multiple network devices (ports) into a single logical interface at the data lin provides an increase in maximum bandwidth and link redundancy.
    - Alternative to the existing Linux Bonding driver that provides a number of advantages over tradition providing equal or even slightly better performance.
    - Implemented mostly in userspace with only the necessary data fast-paths in the kernel.
    - Moves most of the work and logic into a userspace daemon making it:
      - more stable
      - easier to debug
      - much simpler to extend
    - Supports IEEE 802.3ad (IEEE 802.1ax) LACP + many proprietary standards.
    - Team configurations based on the JSON format.
    - Managed from either NetworkManager or traditional initscripts infrastructure.


    Team Driver: example configuration

    # /etc/sysconfig/network-scripts/ifcfg-team0:
    DEVICE="team0"
    DEVICETYPE="Team"
    ONBOOT="yes"
    BOOTPROTO=none
    NETMASK=255.255.255.0
    IPADDR=192.168.23.11
    TEAM_CONFIG='{"runner": {"name": "roundrobin"}}'
    NM_CONTROLLED="no"

    For each port device, create an ifcfg config similar to the following one:

    # /etc/sysconfig/network-scripts/ifcfg-eth1:
    DEVICE="eth1"
    DEVICETYPE="TeamPort"
    ONBOOT="yes"
    TEAM_MASTER="team0"
    NM_CONTROLLED="no"


    Team Driver: NetworkManager


    Virtualization, Container, & Overlay Networking Technol


    Multiqueue support for Virtio-net

    - Enables packet sending/receiving processing to scale with the number of available virtual CPUs in a guest.
    - Each guest virtual CPU can have its own separate transmit or receive queue and interrupts that can be used without influencing other virtual CPUs.
    - Provides better application scalability and improved network performance in many cases.
    - To enable, add the following to the block of your Libvirt XML configuration file:

      ...

    - Enabled from guest VM using Ethtool:

      # ethtool -L eth0 combined 4


    Single Root I/O Virtualization (SR-IOV)

    - Allows a device, such as a network adapter, to separate access to its resources among various PCIe hardware fu Function (PF) and one or more Virtual Functions (VF)
    - Enables network traffic to bypass the software layer of the hypervisor and flow directly between the VF and the vir
    - Near line-rate performance without the need to dedicate a separate NIC to each individual virtual machine.
    - For RHEL 7 beta, the number of available SR-IOV Virtual Functions has been increased (up to 128) for capable n driver support has also been expanded to cover more devices.
      - Full Support Drivers
        - Broadcom bnx2x
        - Emulex be2net
        - Intel igb/igbvf, ixgbe/ixgbevf, i40e/i40evf
      - Tech Preview Drivers
        - Chelsio cxgb4/cxgb4vf
        - Mellanox mlx4_en/mlx4_ib
        - Qlogic qlcnic


    Network Namespaces

    - Lightweight container-based virtualization allows virtual network stacks to be associated with a process group.
    - Creates an isolated copy of the networking data structures such as the interface list, sockets, routing table, /proc/n numbers, and so on.
    - Managed through the iproute2 (ip netns) interface:

      Shows the list of current named network namespaces
      # ip netns list

      Creates a network namespace and names it vpn
      # ip netns add vpn

      Bring up the loopback interface in the vpn network namespace
      # ip netns exec vpn ip link set lo up

      Report as network namespaces are added and deleted
      # ip netns monitor

    - Use Cases:
      - Isolated network space for application development.
      - Overlapping IP ranges for multi-tenancy hosting.
      - Running multiple applications on the same host with identical port number binding requirements.


    Control Groups (cgroups)

    - Allows for resource allocation (such as CPU time, system memory, network bandwidth, disk I/O, or these resources) among user-defined groups of processes running on a system.
    - Cgroups provide:
      - Resource Limiting: Groups can be set to not exceed a set memory limit.
      - Prioritization: Some groups may get a larger share of CPU, network, or disk I/O throughput.
      - Accounting: Measure how much resources certain systems use (e.g. for billing purposes).
      - Control: Freezing groups or checkpointing and restarting.
    - Improvements for RHEL 7 beta include:
      - Per-Control Group TCP Buffer Limits
        - Memory pressure controls for TCP designed to limit buffer sizes (which hold packet data as it passes throug them from getting too large.
      - Network Priority Control Group
        - Allows an administrator to dynamically set the priority of egress network traffic on a given interface generate applications.


    Overlay Networking Technologies

    - Virtual Extensible LAN (VXLAN)
      - New support for VXLAN encapsulation protocol for running an overlay network using an existing infrastructure t compute architectures.
      - TCP/IP VXLAN offload and VXLAN GRO.
      - Hardware checksum and segmentation offloading support.
      - Measured ~38 Gbps using a 40 GbE NIC!
    - Generic Routing Encapsulation (GRE)
      - Support for carrying GRE frames over IPv6 in addition to IPv4.
      - Hardware checksum offload support using GSO/GRO.
    - Layer 2 Tunneling Protocol (L2TP)
      - Support for carrying L2TP frames over UDP on top of IPv6 in addition to IPv4.
      - Encapsulation support for frames directly over IPv6 (non-UDP based).


    Open vSwitch

    - Multi-layer software switch intended to be used in place of the existing Linux software bridge design between virtual machines and physical or logical networks.
    - Supports application and tenant traffic isolation using overlay networking technologies (GRE, VXLA VLAN tagging.
    - Highlights:
      - Multi-threaded userspace switching daemon for increased scalability.
      - Support for wildcard flows in kernel datapath: can significantly reduce size of the flow tables, avoid unnecessary flow misses, and optimize flow setup rate.
      - Supports GRE and VXLAN encapsulation including kernel based hardware offload.
      - SCTP support.
    - Supported on Red Hat Enterprise Linux OpenStack Platform and Red Hat Enterprise Virtualization product offerings.
    - For testing and development purposes, the user-space packages for RHEL 7 beta can be obtained from Fedora's RDO OpenStack Icehouse repository.

    [Figure labels: VM; Security: VLAN isolation, encapsulatio traffic filtering; QoS: Traffic queuing and traffic shaping; Ope]


    Network Performance


    Next Generation Networking Hardware Sup

    - 40G Ethernet (IEEE 802.3ba)
      - Provides support for 40G Ethernet link speeds enabling faster network communication for applica
      - Ethtool will report interface link speeds up to 40G data rates.
      - 40G Capable Network Drivers
        - Chelsio cxgb4; Emulex be2net; Intel i40e; Mellanox mlx4_en; Solarflare sfc
    - WiGig 60 GHz Band (IEEE 802.11ad)
      - Allows devices to wirelessly communicate at multi-gigabit speeds (up to 7 Gbps.)
      - Nearly 50 times faster than the 802.11n specification!
      - 802.11ad Capable Wireless Network Drivers
        - Atheros WIL6210


    TCP Performance and Latency Improveme

    - TCP Fast Open (both client and server-side)
      - Experimental TCP extension designed to reduce the overhead when establishing a TCP connection by eliminating one from certain kinds of TCP conversations.
      - Useful for accelerating HTTP connection handshaking resulting in speed improvements of between 4% and 41% in the websites.
    - TCP Tail Loss Probe (TLP) Algorithm
      - Experimental algorithm improves the efficiency of how the TCP networking stack deals with lost packets at the end of a
      - For short transactions, TLP can reduce transmission timeouts by as much as 15% and shorten HTTP response times by
    - TCP Early Retransmit (ER)
      - Allows the transport to use fast retransmits to recover segment losses that would otherwise require a lengthy retransmis
      - Enables connections to recover from lost packets faster decreasing overall latency.
    - TCP Proportional Rate Reduction (PRR)
      - Experimental algorithm designed to adapt transmission rates to the rates that can be processed by the recipient and by way (especially after throttling the rate to prevent an imminent overload.)
      - Designed to return to the maximum transfer rate faster than the previously used method and potentially reduce HTTP re


    TCP Bufferbloat Avoidance

    - Term used for problems such as high network latencies and disrupted connections caused by too m data transfers between networks that are not properly matched with respect to speed of handling pa
    - Several improvements were made in RHEL 7 beta to help avoid common Bufferbloat problems, incl
      - Dynamic Queue Limits and Byte Queue Limits
        - Allows the kernel to control how much data can accumulate in a send queue caused by excess networking hardware.
      - TCP Small Queues (TSQ)
        - Uses small buffers of no more than 128 KB per network socket by default but doesn't affect data
      - CoDel and Fair Queue CoDel AQM Packet Schedulers
        - Adds support for the packet schedulers "CoDel" (Controlled-Delay Active Queue Management Queue CoDel AQM".
        - Active queue management algorithms specifically developed to overcome bufferbloat that work on the delay network packets suffer due to passing through the buffer.


    Low Latency Sockets using Busy Poll

    - Designed to reduce networking latency and jitter within the kernel by driving the receive from user c
    - Allows an application to poll for new packets directly in the device driver enabling packets to quickly the network stack.
    - Requires a supported network driver:
      - Broadcom bnx2x; Emulex be2net; Intel ixgbe; Mellanox mlx4; Myricom myri10ge
    - Only sockets with the SO_BUSY_POLL socket option set are busy polled:

      # Controls how long to spin waiting for packets on the device queue for socket poll and select
      sysctl: net.core.busy_poll = {# of µsec, 0 = OFF [DEFAULT]}

      # Controls how long to spin waiting for packets on the device queue for socket reads
      sysctl: net.core.busy_read = {# of µsec, 0 = OFF [DEFAULT]}

    - Additional tuning should be done for best performance, such as:
      - Interrupt coalescing, disabling of GRO/LRO, binding application threads, etc.


    Routing Improvements

    - Interface option to enable routing of 127.0.0.0/8
      - Provides support for a new per interface option that allows routing of the 127.0.0.0/8 address bloc enabling the kernel to recognize on-box traffic flows and optimize accordingly.
      - Useful within single-machine configurations where processes (such as containerized applications communicate with each other.
      - Default localhost interface route must first be removed:

        # sysctl -w net.ipv4.conf.eth0.route_localnet=1
        # ip route del 127.0.0.0/8 dev lo table local
        # ip addr add 127.1.0.1/16 dev eth0
        # ip route flush cache

    - IPv4 Routing Cache
      - Removes old and outdated IPv4 route cache functionality in the kernel
      - Results in decreased route cache lookup misses for high volume sites and reduced overhead for
      - DoS attacks are also completely eliminated while providing predictable and consistent performan the pattern of traffic serviced.


    XPS: Transmit Packet Steering

    - Mechanism for intelligently selecting which transmit queue to use when transmitting a packet on mu devices.
    - Analogous to Receive Packet Steering (RPS):
      - RPS selects a CPU based on receive queue.
      - XPS selects a queue based on the CPU.
    - Benefits:
      - Contention on the device queue lock is significantly reduced since fewer CPUs contend for the same queue.
      - Contention can be completely eliminated if each CPU has its own transmit queue.
      - Cache miss rate on transmit completion is reduced.
    - Configuration:

      /sys/class/net/eth[#]/queues/tx-[#]/xps_cpus {bitmask of CPUs that may use transmit queue}
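
An added example (not from the slides) of how the xps_cpus bitmask above is built: `xps_mask` turns a CPU list into the hex string sysfs accepts, and `xps_plan` prints, without executing, the writes for a CPU-to-queue split. The function names and the round-robin assignment policy are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the slides. xps_mask and xps_plan are hypothetical names.

# xps_mask CPU...
# Prints the hex bitmask for the given CPU numbers in the form sysfs accepts:
# 32-bit words, most significant first, separated by commas.
xps_mask() {
    xm_max=0
    for xm_c in "$@"; do
        if [ "$xm_c" -gt "$xm_max" ]; then xm_max=$xm_c; fi
    done
    xm_w=$(( xm_max / 32 ))          # index of the highest 32-bit word needed
    xm_out=""
    while [ "$xm_w" -ge 0 ]; do
        xm_val=0
        for xm_c in "$@"; do
            if [ $(( xm_c / 32 )) -eq "$xm_w" ]; then
                xm_val=$(( xm_val | (1 << (xm_c % 32)) ))
            fi
        done
        if [ -z "$xm_out" ]; then
            xm_out=$(printf '%x' "$xm_val")               # leading word, no padding
        else
            xm_out="$xm_out,$(printf '%08x' "$xm_val")"   # later words zero-padded
        fi
        xm_w=$(( xm_w - 1 ))
    done
    printf '%s\n' "$xm_out"
}

# xps_plan IFACE NQUEUES NCPUS
# Prints (does not run) one sysfs write per transmit queue. CPU c is assigned
# to queue c % NQUEUES, so with NQUEUES equal to NCPUS every CPU owns a queue,
# the case the slide describes as eliminating queue-lock contention.
xps_plan() {
    xp_if=$1 xp_nq=$2 xp_ncpu=$3
    xp_q=0
    while [ "$xp_q" -lt "$xp_nq" ]; do
        xp_cpus=""
        xp_c=$xp_q
        while [ "$xp_c" -lt "$xp_ncpu" ]; do
            xp_cpus="$xp_cpus $xp_c"
            xp_c=$(( xp_c + xp_nq ))
        done
        if [ -n "$xp_cpus" ]; then
            # Word splitting of $xp_cpus is intended: one argument per CPU.
            echo "echo $(xps_mask $xp_cpus) > /sys/class/net/$xp_if/queues/tx-$xp_q/xps_cpus"
        fi
        xp_q=$(( xp_q + 1 ))
    done
}

# Constructed demo: 4 CPUs spread over 2 transmit queues on eth0.
xps_plan eth0 2 4
```

Review the printed plan before applying it as root; the interface must expose at least as many tx queues as the plan names.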


    PF_PACKET Performance

    - Packet sockets are used to send or receive raw packets at the device driver level.
    - Allow users to implement protocol modules in user space on top of the physical layer.
    - For diagnosing network-related problems, it's often useful to be able to capture packets transmitted machine (Linux implements the PF_PACKET socket family to use for this purpose.)
    - Several improvements, including:
      - Fanout Mode
        - Packet fanout support enables socket clustering and load-balancing of multiple processes working on packe different policies such as round-robin, rxhash, or roll-over.
      - TPACKET_V3 Flexible Buffer Implementation
        - New zero-copy mechanism provides higher throughput than with TPACKET_V1/2 due to fewer translation lo misses.
      - Hardware Time Stamping
        - Hardware time stamping has been improved and also added to the [TX, RX]_RING.


    Remote Direct Memory Access (RDMA)

    - RDMA over Converged Ethernet (RoCE)
      - Provides low latency, high bandwidth network connectivity while reducing CPU overhead using 10/40Gb RoCE network adapters.
      - Now included with RHEL 7, no longer requires the HPN add-on option.
    - iSCSI Extensions for RDMA (iSER) & SCSI RDMA Protocol (SRP) Target Drivers
      - Enables access to SCSI devices attached to another computer via RDMA providing higher throughput and lowe typically possible using TCP/IP.
      - New 'targetcli' administration tool provides easy configuration of target devices.
    - rsockets RDMA socket API is now part of librdmacm package
      - Supports socket-level API intended to match the behavior of corresponding socket calls: essentially, a simplifie interface to RDMA programming.
    - New Driver Support
      - ocrdma: RoCE support for Emulex Oce14000 10/40Gb Ethernet Network Adapters (Tech Preview).
      - mlx5: InfiniBand support for Mellanox Single/Dual-Port Connect-IB 4X FDR Host Channel Adapters.


    Security


    Firewalld

    - New dynamic and protocol independent firewall service providing greater flexibility over traditional ip
    - Eliminates service disruptions during rule updates.
    - Supports different network trust zones for per-connection firewall settings.
    - Unified firewall management service for:
      - IPv4 (iptables), IPv6 (ip6tables), and Ethernet Bridges (ebtables)
    - GUI (firewall-config) and CLI (firewall-cmd) based configuration utilities
    - Simple yet powerful XML-based configuration file format with nearly 50 built-in pre-defined settings system services.
    - Configurable service options include:
      - Port ranges with protocol type
      - Netfilter helper modules
      - Destination address (range) for IPv4 and/or IPv6


    Firewalld: example configurations

    dns

    https


    nftables

    - Next-generation, unified replacement to the separate [ip, ip6, arp, eb]_tables frameworks within the ke packet filtering and classification.
    - Introduces the concept of a simple, universal pseudo-virtual machine (inspired by BPF) to execute b inspecting a network packet and making decisions on how that packet should be handled.
    - User-space utility interprets the rule-set and compiles it to pseudo-bytecode then transfers it to the
    - Main advantages over iptables:
      - Reduction of code duplication by removing protocol awareness from decision engine
      - Improved error reporting
      - More efficient execution, storage, and incremental changes of filtering rules
    - Kernel support is included in RHEL 7 beta, however, the user-space packages will be included in a upstream development has had time to stabilize.
    - For testing and development purposes, nftables requires:
      - libmnl: Minimalistic Netlink library [included in RHEL 7 beta]
      - libnfnl: User-space library for low-level interaction with nftables Netlink's API
      - nftables: Command line utility to maintain rule set


    DDoS (Distributed Denial of Service) Protectio

    - Netfilter: iptables target SYNPROXY
      - DDoS attacks are increasingly becoming commonplace as more and more products and services on delivering services over the Internet.
      - SYNPROXY module is designed to protect against common SYN-floods and ACK-floods, but can protect against SYN-ACK floods.
      - Works by filtering out false SYN-ACK and ACK packets before the socket enters the listen state preventing new incoming connections)
      - Significant step for fighting DDoS and protecting critical system services.
    - Example configuration (intended for a web server):

      sysctl: net.netfilter.nf_conntrack_tcp_loose = 0 [DEFAULT = 1]

      # iptables -t raw -A PREROUTING -i eth0 -p tcp --dport 80 --syn -j NOTRACK
      # iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state UNTRACKED,INVALID \
          -j SYNPROXY --sack-perm --timestamp --mss 1480 --wscale 7 --ecn

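A ruleset check for the SYNPROXY configuration above, as an added example that is not from the slides: it lints `iptables-save` text and the `nf_conntrack_tcp_loose` value for the three pieces that configuration relies on. The function names and both sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the slides: lint an iptables-save dump for the
# SYNPROXY setup shown above. Function names and sample dumps are constructed.

# rules_for DUMP TABLE CHAIN PORT
# Prints the rules of TABLE/CHAIN that match "--dport PORT".
rules_for() {
    printf '%s\n' "$1" | awk -v table="*$2" -v chain="$3" -v port="$4" '
        /^\*/ { cur = $1; next }
        cur == table && $1 == "-A" && $2 == chain &&
            $0 ~ ("--dport " port "( |$)")'
}

# audit_synproxy DUMP PORT LOOSE
#   DUMP  - output of iptables-save
#   PORT  - protected TCP port (80 on the slide)
#   LOOSE - value of net.netfilter.nf_conntrack_tcp_loose
# Prints one line per check and returns 0 only if every check passes.
audit_synproxy() {
    as_dump=$1 as_port=$2 as_loose=$3 as_rc=0

    # With loose=1 conntrack adopts mid-stream ACKs as connections, so they
    # are never INVALID and never reach the SYNPROXY rule.
    if [ "$as_loose" = "0" ]; then
        echo "OK   nf_conntrack_tcp_loose=0"
    else
        echo "FAIL nf_conntrack_tcp_loose=$as_loose, expected 0"; as_rc=1
    fi

    # SYNs must bypass conntrack in the raw table so they arrive UNTRACKED.
    # iptables-save prints --syn as "--tcp-flags ... SYN", and NOTRACK may
    # be printed as "CT --notrack".
    if rules_for "$as_dump" raw PREROUTING "$as_port" |
        grep -E -e '--syn|--tcp-flags [A-Z,]+ SYN' |
        grep -Eq -e '-j (NOTRACK|CT --notrack)'; then
        echo "OK   raw/PREROUTING untracks SYNs to port $as_port"
    else
        echo "FAIL no raw/PREROUTING notrack rule for SYNs to port $as_port"; as_rc=1
    fi

    # The SYNPROXY rule must see both the untracked SYN and the client's ACK,
    # which conntrack marks INVALID because it never saw the SYN.
    as_syn=$(rules_for "$as_dump" filter INPUT "$as_port" | grep -e '-j SYNPROXY' || true)
    if [ -z "$as_syn" ]; then
        echo "FAIL no filter/INPUT SYNPROXY rule for port $as_port"; as_rc=1
    else
        for as_st in UNTRACKED INVALID; do
            if printf '%s\n' "$as_syn" | grep -Eq -e "--(ct)?state [A-Z,]*$as_st"; then
                echo "OK   SYNPROXY rule matches state $as_st"
            else
                echo "FAIL SYNPROXY rule does not match state $as_st"; as_rc=1
            fi
        done
    fi
    return "$as_rc"
}

# Constructed sample: the slide's two rules as iptables-save would print them.
SAMPLE_OK='*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1480
COMMIT'

# Constructed sample: the SYNPROXY rule forgets the INVALID state.
SAMPLE_WEAK='*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1480
COMMIT'

audit_synproxy "$SAMPLE_OK" 80 0
audit_synproxy "$SAMPLE_WEAK" 80 1 || echo "=> weak ruleset rejected"
```

On a live host the inputs would be `"$(iptables-save)"` and `"$(sysctl -n net.netfilter.nf_conntrack_tcp_loose)"`, both read as root.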

    Domain Name System Security Extension (DN

    - Allows clients to determine origin authentication of DNS data, authenticated denial of existence and
    - Prevents man-in-the-middle attacks in which active eavesdropping or intercepted communication oc systems.
    - Two new DNSSEC packages have been introduced for RHEL 7 beta:
      - Unbound DNS resolver that provides caching and DNSSEC validation.
        - Controlled by the unbound systemd service
      - dnssec-trigger: Handles reconfiguring the local unbound DNS server (e.g., in the case of hot
        - Controlled by the dnssec-trigger systemd service


    IPv6 Network Address Translation (NAT)

    - Process of modifying IP address information in packet headers while in transit across a traffic routin the purpose of remapping one IP address space into another.
    - Commonly used in IPv4 to workaround IPv4 address exhaustion
    - While NAT is generally considered unnecessary with IPv6 (due to its much larger address space), it topology details for internal networks.
    - Configured from netfilter6 and ip6tables:
      - Clients behind a router can be hidden by using IPv6 masquerading (hide/overlap NAT):

        # ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE

      - Dedicated public IPv6 address can be forwarded to an internal IPv6 address:

        # ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs -j DNAT \
            --to-destination fec0::5054:ff:fe01:2345

      - Dedicated specified port can be forwarded to an internal system:

        # ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-destination [fec0::1


    Precision Time Synchronizat


    Chrony Suite

    - Different implementation of the NTP protocol than ntpd that is able to synchronize the system clock better accuracy than ntpd.
    - Not intended to be a replacement for ntpd for all use cases, however, the algorithm used to disciplin Chrony several advantages over ntpd, including:
      - Much faster synchronization requiring only minutes instead of hours to minimize the time and frequency error
      - Larger range for frequency correction (100000 ppm vs 500 ppm) allowing it to operate even on machines with b clocks (useful for some virtual machines)
      - Better response to rapid changes in the clock frequency due to changes in the temperature of the crystal oscilla
      - After the initial synchronization the clock is never stepped so as not to upset applications needing time to be m
      - Better stability with temporary asymmetric delays due to network congestion
      - Periodic polling of servers is not required, so systems with intermittent network connections can still quickly syn


    Chrony Suite: example

    # chronyc tracking
    Reference ID    : 46.249.47.127 (fw.ams.nl.alexs.co.nz)
    Stratum         : 3
    Ref time (UTC)  : Fri Dec 13 09:12:14 2013
    System time     : 0.000245416 seconds slow of NTP time
    Last offset     : -0.000308746 seconds
    RMS offset      : 0.000653052 seconds
    Frequency       : 18.964 ppm slow
    Residual freq   : -0.004 ppm
    Skew            : 0.039 ppm
    Root delay      : 0.045544 seconds
    Root dispersion : 0.012329 seconds
    Update interval : 1039.7 seconds
    Leap status     : Normal

    # chronyc sources
    210 Number of sources = 4
    MS Name/IP address           Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* fw.ams.nl.alexs.co.nz           2   10   377    53  -2813us[-3122us] +/-   50ms
    ^+ sip.dicode.nl                   2   10   377   649  -3861us[-4161us] +/-   57ms
    ^+ thuis.bentware.nl               3   10   377   442  -1470us[-1773us] +/-   76ms
    ^+ mirror.muntinternet.net         2   10   377   239  -1592us[-1898us] +/-   50ms

    # chronyc sourcestats
    210 Number of sources = 4
    Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
    ==============================================================================
    fw.ams.nl.alexs.co.nz      19   9  309m     -0.046      0.120   -97us    689us
    sip.dicode.nl              20   7  327m     -0.007      0.144  -246us    916us
    thuis.bentware.nl          34  17  568m      0.015      0.042 -4754ns    695us
    mirror.muntinternet.net    32  15  552m     -0.008      0.054  +345us    835us


    Precision Time Protocol version 2 (PTPv2)

    - Based on IEEE 1588-2008 standard, method for precisely synchronizing distributed clocks over an
    - Capable of achieving clock accuracy in the sub-microsecond range when used in conjunction with P hardware devices.
    - Robust protocol implementation provided by 'LinuxPTP' package (using modern Linux Kernel API's
    - When used in combination with ntpd or Chrony, it can be used to accurately synchronize time from t Machines.
    - For RHEL 7 beta, new network driver support for both hardware and software time stamping capabi
      - Hardware time stamping (also requires support in the physical network adapter):
        - Broadcom tg3; Intel e1000e, igb, ixgbe; Mellanox mlx4_en; Solarflare sfc
      - Software time stamping:
        - Broadcom tg3, bnx2x; Intel e1000e, igb, ixgbe
      - Tech Preview:
        - Hardware: Intel i40e, pch_ptp
        - Software: Cadence macb; Intel e1000, i40e; Realtek r8169; SMSC smsc9420; dnet; usbnet


    LinuxPTP: example configuration

    # ethtool -T eth1
    Time stamping parameters for eth1:
    Capabilities:
            hardware-transmit     (SOF_TIMESTAMPING_TX_HARDWARE)
            software-transmit     (SOF_TIMESTAMPING_TX_SOFTWARE)
            hardware-receive      (SOF_TIMESTAMPING_RX_HARDWARE)
            software-receive      (SOF_TIMESTAMPING_RX_SOFTWARE)
            software-system-clock (SOF_TIMESTAMPING_SOFTWARE)
            hardware-raw-clock    (SOF_TIMESTAMPING_RAW_HARDWARE)
    PTP Hardware Clock: 0
    Hardware Transmit Timestamp Modes:
            off                   (HWTSTAMP_TX_OFF)
            on                    (HWTSTAMP_TX_ON)
    Hardware Receive Filter Modes:
            none                  (HWTSTAMP_FILTER_NONE)
            all                   (HWTSTAMP_FILTER_ALL)

    # ptp4l -i eth1 -m
    selected eth1 as PTP clock
    port 1: INITIALIZING to LISTENING on INITIALIZE
    port 0: INITIALIZING to LISTENING on INITIALIZE
    port 1: new foreign master 00a069.fffe.0b552d-1
    selected best master clock 00a069.fffe.0b552d
    port 1: LISTENING to UNCALIBRATED on RS_SLAVE
    master offset -23947 s0 freq +0 path delay 11350
    master offset -28867 s0 freq +0 path delay 11236
    master offset -32801 s0 freq +0 path delay 10841
    master offset -37203 s1 freq +0 path delay 10583
    master offset -7275 s2 freq -30575 path delay 10583
    port 1: UNCALIBRATED to SLAVE on MASTER_CLOCK_SELECTED
    master offset -4552 s2 freq -30035 path delay 10385

    # phc2sys -s eth1 -w


    Diagnostics


    IPTraf-ng

    - Curses-based, console network monitoring and statistics utility.
    - Capable of gathering a variety of measurements, such as:
      - TCP packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station p


    Netsniff-ng

    - High-performance, networking toolkit utilizing zero-copy mechanisms eliminating the need for the ke packets from kernel space to user space and vice versa during packet reception and transmission.
    - Toolkit is comprised of the following utilities:
      - astraceroute, an autonomous system (AS) and GeoIP traceroute utility
      - bpfc, a Berkeley Packet Filter compiler, Linux BPF JIT disassembler
      - ifpps, a top-like kernel networking statistics tool
      - netsniff-ng, a fast zero-copy analyzer, pcap capturing and replaying tool
      - trafgen, a multithreaded low-level zero-copy network packet generator
    - Fast and highly configurable:

      # netsniff-ng --in eth0 --out dump.pcap -s -b 0 tcp or udp
      Running! Hang up with ^C!

            1826  packets incoming (3 unread on exit)
            1829  packets passed filter
               0  packets failed filter (out of space)
          0.0000% packet drop rate
              26  sec, 901712 usec in total


    Partner Ecosystem & Summary


    Vibrant Networking Partner Eco-system

    - Close engineering relationships with our networking partners result in better out of box p overall, a higher-quality product through:
      - Cooperative development
      - Upstream collaboration
      - Joint testing of releases
      - Mutual customer support
    - Significant partner code contributions account for ~10% of the lines of code in the RHE


    Summary

    - Flexible network management
    - New link aggregation mechanism
    - Many virtualization, container, and overlay networking technologies updates
    - Major security enhancements
    - Highly accurate time synchronization
    - Numerous network performance optimizations and latency improvements
    - New diagnostic tools
    - Strong partner eco-system

    This only represents a subset of all the new and exciting enhancements found in


    Questions?


    Backup Slides


    Network Management


    NetworkManager

    - New command line user interface (nmcli)
      - Intended for use by administrators/end-users who prefer or may require command line access to setup, manag services on a system.
    - New curses-based user interface (nmtui)
      - Replacement for system-config-network-tui (in RHEL 6) designed to make it easier to configure many common
    - Supports common network Interface types
      - Ethernet, IPoIB, VLANs, Bridges, Bonds, Teams, WiFi, WiMAX, WWAN, Bluetooth, VPN, and ATM-based DSL
      - Status and monitoring support for GRE, MACVTAP, TUN, TAP, and VETH interfaces.
    - Cooperates with existing interface configurations
      - Restarting won't change any addressing, routing, or Layer-2 configurations for Ethernet, bridge, bond/team, an will non-destructively take over the interface's existing config.
    - Recognizes live reconfiguration
      - Changes to addresses and routes made outside of NM are immediately reflected and can be made permanent that new configuration to disk.


    NetworkManager

    - IP Address Aliases support
      - Support for interface aliases (multiple IP addresses on a single interface).
    - New Server Defaults
      - NetworkManager-config-server RPM provides suitable defaults for servers.
      - Not creating default DHCP connections, ignoring the carrier state on interfaces with static IP configurations, resolv.conf, etc.
    - Explicit Configuration Reload
      - No longer watches for configuration file changes by default, and allows administrators to make it aware of exter
      - This behavior better aligns with expectations about configuration file changes made through editors or develop
    - Future development
      - Planned support for managing IPSec, VXLAN, and DNSSEC Tunnels.

    ModemManager

    - Service for controlling Wireless WAN devices and communicating with cellular data networks.

    - Provides a rich unified D-Bus API for:

        - Network status

        - Data connections

        - Short Message Service (SMS) communications

        - Location Services

        - Other cellular functions

    - Device enablement has been significantly improved on RHEL 7 beta with support for multi-mode hardware, 4G LTE networks, and enhanced support for SMS communication and location services.

    Link Aggregation

    Team Driver: example configuration

    $ ls /usr/share/doc/teamd-*/example_configs/
    activebackup_arp_ping_1.conf  activebackup_multi_lw_1.conf   loadbalance_2.conf
    activebackup_arp_ping_2.conf  activebackup_nsna_ping_1.conf  loadbalance_3.conf
    activebackup_ethtool_1.conf   broadcast.conf                 random.conf
    activebackup_ethtool_2.conf   lacp_1.conf                    roundrobin_2.conf
    activebackup_ethtool_3.conf   loadbalance_1.conf             roundrobin.conf

    # cat /usr/share/doc/teamd-0.1/example_configs/activebackup_ethtool_1.conf
    {
        "device": "team0",
        "runner": {"name": "activebackup"},
        "link_watch": {"name": "ethtool"},
        "ports": {
            "eth1": {
                "prio": -10,
                "sticky": true
            },
            "eth2": {
                "prio": 100
            }
        }
    }
    # teamd -f /usr/share/doc/teamd-0.1/example_configs/activebackup_ethtool_1.conf -d
    # ip link
    4: eth1: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
        link/ether 52:54:00:3d:c7:6d brd ff:ff:ff:ff:ff:ff
    5: eth2: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
        link/ether 52:54:00:73:15:c2 brd ff:ff:ff:ff:ff:ff
    5: team0: mtu 1500 qdisc noop state DOWN mode DEFAULT
        link/ether ea:8e:85:d3:95:5d brd ff:ff:ff:ff:ff:ff
    # ip addr add 192.168.23.2/24 dev team0
    # ip link set team0 up

    Virtualization, Container, & Overlay Networking Technol

    TCP Connection Repair

    - Designed for stopping a TCP connection and restarting it on another host (intended for process che restarting.)

    - Container virtualization implementations can make use of this feature to relocate an entire network co host to another transparently for the remote end.

    - Achieved by putting the socket in a "repair" mode allowing the gathering of necessary information fo previous state into a new socket.

    - Accomplished with the setsockopt() system call using the new TCP_REPAIR option, which puts the repair mode.

    IP Virtual Server (IPVS)

    - Built on top of Netfilter, IPVS implements transport-layer load balancing inside the Linux kernel.

    - Runs on a host and acts as a load balancer at the front of a cluster of real servers.

    - Works by directing requests for TCP/UDP based services to the real servers and by making service appear as a virtual service on a single IP address.

    - New for RHEL 7 beta:

        - Added support for Linux Containers (LXC) allowing process virtualization with network namespace transport-lay

        - Support for fragmented IPv6 UDP messages with IPVS.

    Control Groups (cgroups)

    - Per-Control Group TCP Buffer Limits

        - Hard limit can be set/shown from:

            /sys/fs/cgroup/memory/memory.kmem.tcp.limit_in_bytes

        - Additional information can be found in cgroups/memory.txt within the 'kernel-doc' package.

    - Network Priority Control Group

        - Creating network priority groups:

            # insmod /lib/modules//kernel/net/core/netprio_cgroup.ko
            # mkdir /sys/fs/cgroup/net_prio
            # mount -t cgroup -o net_prio none /sys/fs/cgroup/net_prio

        - Each net_prio cgroup contains two files that are subsystem specific:

            - net_prio.prioidx: Contains a unique integer value that the kernel uses as an internal representation of this c simply informative.)

            - net_prio.ifpriomap: Contains a map of the priorities assigned to traffic originating from processes in this gro system on various interfaces. Tuple formatted list:

                # echo "eth0 5" > /sys/fs/cgroup/net_prio/test/net_prio.ifpriomap

        - Additional information can be found in cgroups/net_prio.txt within the 'kernel-doc' package.

    Open vSwitch: example VLAN-based configur

    Open vSwitch bridge between two Virtual Machines using VLAN tagging for traffic isolation:

    - Create an OVS bridge:

        # ovs-vsctl add-br br0

    - Add eth0 to the bridge (by default, all OVS ports are VLAN trunks, so eth0 will pass all VLANs):

        # ovs-vsctl add-port br0 eth0

    - Add VM1 as an access port on VLAN 1:

        # ovs-vsctl add-port br0 tap0 tag=1

    - Add VM2 on VLAN 1:

        # ovs-vsctl add-port br0 tap1 tag=1

    Security

    nftables vs. iptables comparison

    - With iptables, you need to write two rules, one for drop and one for logging:

        # iptables -A FORWARD -p tcp --dport 22 -j LOG
        # iptables -A FORWARD -p tcp --dport 22 -j DROP

    - With nftables, you can combine both targets:

        # nft add rule filter forward tcp dport 22 log drop

    - With iptables in order to allow packets for different ports and allow different icmpv6 types, you would following:

        # ip6tables -A INPUT -p tcp -m multiport --dports 23,80,443 -j ACCEPT
        # ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
        # ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
        # ip6tables -A INPUT -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
        # ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT

    - With nftables, sets can be used on any element in a rule:

        # nft add rule ip6 filter input tcp dport { telnet, http, https } accept
        # nft add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, echo-request, \
            nd-router-advert, nd-neighbor-advert } accept

    Network Performance

    TCP Performance and Latency Improveme

    - TCP Fast Open

        sysctl: net.ipv4.tcp_fastopen = {Bitmap Values: 0 = Disabled [DEFAULT], 1 = Enables Client-side, 2 = Enables Server-side, 4 = Send data in opening SYN regardless of cookie}

    - TCP Tail Loss Probe (TLP) Algorithm and TCP Early Retransmit (ER)

        sysctl: net.ipv4.tcp_early_retrans = {0 = disables TLP and ER; 1 = enables RFC 5827 ER; 2 = delayed ER; 3 = TLP and delayed ER [DEFAULT]; 4 = TLP only}

    - TCP SO_REUSEPORT Option

        - TCP and UDP sockets now support a SO_REUSEPORT option that allows multiple sockets to lis port.

        - Enables multiple processes (such as a web server) or threads to open individual sockets to listen

        - Any connections that come in on this port will be evenly distributed across the sockets by the ker

        int sfd = socket(domain, socktype, 0);
        int optval = 1;
        setsockopt(sfd, SOL_SOCKET, SO_REUSEPORT, &optval, sizeof(optval));
        bind(sfd, (struct sockaddr *) &addr, addrlen);

    TCP Bufferbloat Avoidance

    - Dynamic Queue Limits and Byte Queue Limits

        - For testing and development purposes, the DQL Library is required:

            void netdev_sent_queue(struct net_device *dev, unsigned int pkts, unsigned int bytes);
            void netdev_tx_sent_queue(struct netdev_queue *dev_queue, unsigned int pkts, unsigned int byt
            void netdev_completed_queue(struct net_device *dev, unsigned pkts, unsigned bytes);
            void netdev_tx_completed_queue(struct netdev_queue *dev_queue, unsigned pkts, unsigned bytes)

    - TCP Small Queues (TSQ)

        - Buffer size can be manually adjusted at runtime:

            sysctl: net.ipv4.tcp_limit_output_bytes = [131072]

    - CoDel and Fair Queue CoDel AQM Packet Schedulers

        - Load the kernel module of the desired scheduler then configure using the 'tc' (traffic control) com

            # insmod sch_fq_codel.ko
            # tc qdisc add dev wlan0 root fq_codel

    PF_PACKET Performance

    - Virtual Netlink Device for Packet Sockets

        - Allows a virtual netlink device to be easily used without modification (by tools like tcpdump, Wir monitoring and debugging of netlink traffic that is exchanged between user and kernel space (w sockets through the nlmon device driver.)

        - Can be used to record pcap files for a later analysis without any code changes needed on the s analyzers, except for adding a simple protocol dissector, for example.

    Berkeley Packet Filter (BPF) Just-In-Time Com

    - Mechanism for fast filtering network packets on their way to an application.

    - Used by many common packet capture tools such as libpcap and tcpdump.

    - Just-In-Time (JIT) compiler incorporated into the kernel to translate BPF code directly into the hosts code.

    - BPF machine makes the JIT translation relatively simple allowing it to carry out some of the network tasks set by sniffer tools

    - Measurable savings of around 50 nanoseconds per packet!

    - Standalone, minimal BPF JIT image disassembler helper available in 'netsniff-ng' package

        - Allows for debugging or verification of emitted BPF JIT images.

        - Useful for emitted opcode debugging, since minor bugs in the JIT compiler can be fatal.

    - Disabled by default, but can be enabled at runtime:

        sysctl: net.core.bpf_jit_enable = {0 = Disabled [DEFAULT], 1 = Enabled, 2 = Debug Output}

    Jump Label

    - The number of tracepoints in the kernel is growing, and each one adds a new to test where a value be fetched, adding to the pressure on the cache thus hurting performance.

    - Designed to reduce function call overhead and optimize the tracepoint disabled case.

    - When enabled, the call to a specific tracepoint can be looked up in the jump label table, and then re no-op instructions with the assembly equivalent of "goto label" enabling the tracepoint function.

    - Results in reduced runtime performance degradation when static tracepoints are disabled.

    Full Dynticks Kernel Support (Full NOHZ)

    - CPUs can be diverted between 100 and 1000 times each second by the periodic timer interrupt.

    - For idle CPUs, it allows the periodic timer interrupt to be disabled for sleeping CPUs avoiding the ne useless interrupts (for energy saving purposes).

    - For busy CPUs, certain CPUs can remain in user-mode enabling critical applications to make full us while eliminating expensive context switching (hurting application latency) due to interruptions by ke

    - Useful for users looking to gain every last bit of performance out of their system for latency sensitive

    - Originally designed for real-time applications, but can also be beneficial for HPC (High Performance workloads where there is only a single task running.

    - Results in performance improvements of around 0.5-1.0% for typical systems.

    Network Protocols

    IEEE 802.1ad Stacked VLANs (QinQ)

    - Specification allows for multiple virtual LANs (VLANs) headers to be inserted into a single Ethernet VLAN conflicts across network infrastructures.

    - Enables customers to run their own VLANs inside a service provider's assigned VLAN.

    - Configuration is performed using "ip link" (from iproute2):

        # ip link add link eth0 eth0.1000 type vlan proto 802.1ad id 1000
        # ip link add link eth0.1000 eth0.1000.1000 type vlan proto 802.1q id 1000

        52:54:00:12:34:56 > 92:b1:54:28:e4:8c, ethertype 802.1Q (0x8100), length 106: vlan 1000, p 0, e vlan 1000, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), l 20.1.0.1: ICMP echo request, id 3003, seq 8, length 64

        92:b1:54:28:e4:8c > 52:54:00:12:34:56, ethertype 802.1Q-QinQ (0x88a8), length 106: vlan 1000, p 802.1Q, vlan 1000, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 47944, offset 0, flags [none], pro
        84) 20.1.0.1 > 20.1.0.2: ICMP echo reply, id 3003, seq 8, length 64
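Added example, not part of the original slides: a C parser for the stacked tags seen in the echo reply capture (outer EtherType 0x88a8, inner 802.1Q), of the kind a monitoring tool needs if it is to report every tag rather than only the outermost. The frame bytes are constructed from that capture line; the struct and function names and the MAX_TAGS limit are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

#define TPID_CTAG 0x8100 /* 802.1Q customer tag */
#define TPID_STAG 0x88a8 /* 802.1ad service tag (QinQ) */
#define MAX_TAGS  4      /* assumed nesting limit for this example */

struct vlan_tag { uint16_t tpid, vid; uint8_t pcp; };

struct vlan_stack {
    int depth;                     /* number of tags found */
    struct vlan_tag tag[MAX_TAGS]; /* outermost first */
    uint16_t ethertype;            /* EtherType after the last tag */
};

/* Constructed header bytes matching the echo reply shown above; the outer
 * priority is cut off in the capture and is assumed to be 0 here. */
const uint8_t qinq_reply[] = {
    0x52, 0x54, 0x00, 0x12, 0x34, 0x56, /* destination MAC */
    0x92, 0xb1, 0x54, 0x28, 0xe4, 0x8c, /* source MAC */
    0x88, 0xa8, 0x03, 0xe8,             /* S-tag: vlan 1000, p 0 */
    0x81, 0x00, 0x03, 0xe8,             /* C-tag: vlan 1000, p 0 */
    0x08, 0x00                          /* IPv4 */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the VLAN tags of an Ethernet frame. Returns 0 on success, -1 if the
 * frame is truncated or nests more than MAX_TAGS tags. */
int parse_vlan_stack(const uint8_t *frame, size_t len, struct vlan_stack *out)
{
    size_t off = 12; /* skip destination and source MAC */

    out->depth = 0;
    out->ethertype = 0;
    for (;;) {
        if (len < off + 2)
            return -1;
        uint16_t type = be16(frame + off);
        off += 2;
        if (type != TPID_CTAG && type != TPID_STAG) {
            out->ethertype = type;
            return 0;
        }
        if (out->depth == MAX_TAGS || len < off + 2)
            return -1;
        uint16_t tci = be16(frame + off);
        off += 2;
        out->tag[out->depth].tpid = type;
        out->tag[out->depth].vid = tci & 0x0fff;         /* low 12 bits */
        out->tag[out->depth].pcp = (uint8_t)(tci >> 13); /* top 3 bits */
        out->depth++;
    }
}
```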

    Stream Control Transmission Protocol (SC

    - Transport layer protocol serving a similar role to common protocols such as Transmission Control P User Datagram Protocol (UDP).

    - Provides some of the same service features of both:

        - Message-oriented like UDP

        - Reliable, in-sequence transport of messages with congestion control like TCP

    - Multihoming support enables transparent fail-over between redundant network paths.

    - RHEL 7 beta improvements:

        - Support for changing cryptographic hash function in SCTP

            - Allows the cryptographic hash function to be changed from MD5 (default) to SHA1.

        - Additional SCTP association statistics support

    Diagnostics

    Netsniff-ng: ifpps screenshot

    New Packages & Libraries

    GeoIP

    - Library and utilities for providing IP Address or hostname mapping to country/city/organization resol

    - Useful for identifying information about Internet visitors.

    - Bind and Netsniff-ng have been enhanced to take advantage of GeoIP ACL support allowing restric based on a client's geographic location.

    - Includes basic IP to country lookup utility:

        # geoipupdate
        MD5 Digest of installed database is 52092bcfb13e2ca157b90519dc0d191f
        Updating /usr/share/GeoIP/GeoLiteCountry.dat
        Updated database
        MD5 Digest of installed database is f5ce2f7a4a156c580ed529600e84c5ce
        Updating /usr/share/GeoIP/GeoLiteCity.dat
        Updated database

        # geoiplookup 65.255.48.0
        GeoIP Country Edition: TC, Turks and Caicos Island

        # geoiplookup 31.209.144.0
        GeoIP Country Edition: IS, Iceland

    libnl3

    - Collection of libraries providing APIs to netlink protocol based Linux kernel interfaces.

    - Interfaces are split into several small libraries:

        - libnl: Core Library implementing the fundamentals

        - libnl-route: API to configuration interfaces of the NETLINK_ROUTE family

        - libnl-genl: API to generic netlink protocol

        - libnl-nf: API to netlink based netfilter configuration and monitoring interfaces

    - libnl is used as the user-space component of Team Driver (libteam and teamd packages.)

    - Documentation available within the 'libnl3-doc' package.

    Removed Packages & Discontinued Network Drive

    Removed Network Management Packages

    - Outlined in Section 4.2 of the RHEL 7.0 beta Release Notes:

        - Wireless-tools

            - Basic wireless device manipulation from the command line can be done with 'iw'.

        - system-config-network

            - Network configuration can be done with nm-connection-editor, nmcli, or nmtui.

            - Note: nm-connection-editor is also present in Red Hat Enterprise Linux 6.

        - system-config-firewall

            - Firewall rule management can be done with firewall-config (GUI) and firewall-cmd (CLI).

            - Note: system-config-firewall is still available as part of an alternative firewall solution for static-only environ iptables services.

    Discontinued Network Drivers

    - Outlined in Section 4.4 of the RHEL 7.0 beta Release Notes (updated list provided below):

        - 3c574_cs, c589_cs, 3c59x, 8390,

        - acenic, amd8111e, at76c50x-usb, ath5k, axnet_cs,

        - b43, b43legacy, can-dev, cassini, cdc-phonet, cxgb, dl2k,

        - e100, ems_pci, ems_usb, fealnx, fmvj18x_cs, forcedeth, ixgb, kvaser_pci,

        - libertas, libertas_cs, libertas_tf, libertas_tf_usb, mac80211_hwsim,

        - natsemi, ne2k-pci, niu, nmclan_cs, ns83820,

        - p54pci, p54usb, pcnet32, pcnet_cs, pppol2tp, r6040,

        - s2io, sc92031, sis190, sis900, sja1000, sja1000_platform, smc91c92_cs,

        - starfire, sundance, sungem, sungem_phy, sunhme,

        - tehuti, tlan, typhoon, usb8xxx, vcan,

        - via-rhine, via-velocity, vxge, xirc2ps_cs, zd1211rw